public inbox for glibc-bugs@sourceware.org
* [Bug libc/12626] New: __backtrace_symbols_fd uses of out-of-scope storage in stack frame
@ 2011-03-30 20:10 jreiser at BitWagon dot com
  2011-05-14 15:14 ` [Bug libc/12626] " drepper.fsp at gmail dot com
  2014-06-27 13:18 ` fweimer at redhat dot com
  0 siblings, 2 replies; 3+ messages in thread
From: jreiser at BitWagon dot com @ 2011-03-30 20:10 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12626

           Summary: __backtrace_symbols_fd uses of out-of-scope storage in
                    stack frame
           Product: glibc
           Version: 2.13
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: jreiser@BitWagon.com


Function __backtrace_symbols_fd (in source file
sysdeps/generic/elf/backtracesymsfd.c, MAIN branch, revision 1.5) uses storage
that is out-of-scope in the current stack frame.  The local array char
buf2[WORD_WIDTH] is declared and used inside a block, but a pointer into buf2
is stored into iov[4].iov_base.  The iov[4].iov_base is accessed by writev()
after exiting the block that declares buf2.  Because buf2 is out-of-scope when
iov[4].iov_base is accessed, there is no guarantee that the storage exists
or has the expected contents.  In particular, a compiler which does "allocation
by contour" may well reclaim the space upon exit from the block, by discarding
[truncating] that portion of the stack frame.

The simple fix is to move the declaration of buf2 up next to the declaration of
'buf', where both will persist until after the writev().

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
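
The lifetime problem described in the report above, as an added example that is not part of the original thread and is not glibc's code: emit_frame, hex_before, IOV, the BLOCK_SCOPE_BUF2 switch and the output format are hypothetical names chosen for illustration. By default buf2 is declared at function scope, as the report suggests; defining BLOCK_SCOPE_BUF2 puts it back inside the block.

```c
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

#define WORD_WIDTH (sizeof(uintptr_t) * 2)  /* hex digits in one word */
#define IOV(p, n) ((struct iovec){ (void *)(p), (n) })

/* Write v in hex so the digits end just before `end`; return the first digit. */
static char *hex_before(uintptr_t v, char *end)
{
    do { *--end = "0123456789abcdef"[v & 0xf]; v >>= 4; } while (v != 0);
    return end;
}

/* Emit "sym(+0xOFF)[0xADDR]\n" with a single writev(); sym may be NULL. */
ssize_t emit_frame(int fd, const char *sym, uintptr_t off, uintptr_t addr)
{
    struct iovec iov[7];
    int last = 0;
    char buf[WORD_WIDTH];
#ifndef BLOCK_SCOPE_BUF2
    char buf2[WORD_WIDTH];      /* fix: lives until after writev(), like buf */
#endif
    if (sym != NULL) {
#ifdef BLOCK_SCOPE_BUF2
        char buf2[WORD_WIDTH];  /* reported pattern: lifetime ends at this block's '}' */
#endif
        char *d = hex_before(off, buf2 + WORD_WIDTH);
        iov[last++] = IOV(sym, strlen(sym));
        iov[last++] = IOV("(+0x", 4);
        iov[last++] = IOV(d, (size_t)(buf2 + WORD_WIDTH - d));
        iov[last++] = IOV(")", 1);
    }
    char *a = hex_before(addr, buf + WORD_WIDTH);
    iov[last++] = IOV("[0x", 3);
    iov[last++] = IOV(a, (size_t)(buf + WORD_WIDTH - a));
    iov[last++] = IOV("]\n", 2);
    return writev(fd, iov, last);   /* iov[2] is read here, after the block */
}

int main(void)
{
    /* Constructed sample frame, written to standard output. */
    return emit_frame(STDOUT_FILENO, "main", 0x1d, 0x4005ed) < 0;
}
```

Built with -DBLOCK_SCOPE_BUF2 the output may still look correct, because the behaviour is undefined rather than reliably broken. AddressSanitizer in GCC and Clang has a stack-use-after-scope check aimed at this class of bug.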



* [Bug libc/12626] __backtrace_symbols_fd uses of out-of-scope storage in stack frame
  2011-03-30 20:10 [Bug libc/12626] New: __backtrace_symbols_fd uses of out-of-scope storage in stack frame jreiser at BitWagon dot com
@ 2011-05-14 15:14 ` drepper.fsp at gmail dot com
  2014-06-27 13:18 ` fweimer at redhat dot com
  1 sibling, 0 replies; 3+ messages in thread
From: drepper.fsp at gmail dot com @ 2011-05-14 15:14 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12626

Ulrich Drepper <drepper.fsp at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #1 from Ulrich Drepper <drepper.fsp at gmail dot com> 2011-05-14 15:14:39 UTC ---
Fixed in git.


* [Bug libc/12626] __backtrace_symbols_fd uses of out-of-scope storage in stack frame
  2011-03-30 20:10 [Bug libc/12626] New: __backtrace_symbols_fd uses of out-of-scope storage in stack frame jreiser at BitWagon dot com
  2011-05-14 15:14 ` [Bug libc/12626] " drepper.fsp at gmail dot com
@ 2014-06-27 13:18 ` fweimer at redhat dot com
  1 sibling, 0 replies; 3+ messages in thread
From: fweimer at redhat dot com @ 2014-06-27 13:18 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=12626

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-
